summary refs log tree commit diff
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-04-16 13:38:15 +0200
committerFlorian Klink <flokli@flokli.de>2020-04-21 23:51:12 +0200
commit3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc (patch)
treec9c2b2f2d6dd37bc5354cb2c358e728b5b36eddc
parentb9c027da073b27a7bc0782b8e87464d4c10eca13 (diff)
downloadnixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar
nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.gz
nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.bz2
nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.lz
nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.xz
nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.tar.zst
nixpkgs-3dbd3f26517b4bc2e1bf908f2b6ffa479863fdcc.zip
rl-2003: Update the release documentation
It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not.

(cherry picked from commit 21c4a33ceef77dec2b821f7164e13971862d5575)
-rw-r--r--nixos/doc/manual/release-notes/rl-2003.xml8
1 files changed, 5 insertions, 3 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index b0940391b56..62251e0b25b 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -1145,9 +1145,11 @@ systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
      As well as this, the options <literal>security.acme.acceptTerms</literal> and either
      <literal>security.acme.email</literal> or <literal>security.acme.certs.&lt;name&gt;.email</literal>
      must be set in order to use the ACME module.
-     Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are
-     preserved and thus it is possible to roll back to previous versions without breaking certificate
-     generation.
+     Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le.
+     In particular private keys will not be preserved. However, the credentials for simp-le are preserved and
+     thus it is possible to roll back to previous versions without breaking certificate generation.
+     Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can
+     have consequences if you embed your public key in apps.
     </para>
    </listitem>
    <listitem>